跨域请求被阻止：同源策略不允许读取远程资源？

Question

我使用 file system 在 IIS 上发布我的 .net 核心应用程序，当我在浏览器中打开应用程序时，它不会连接到数据库并将我抛出错误（在 firefox 的控制台中），但如果我从 VS 2019 运行它可以工作很好，没有任何错误。非常感谢任何帮助。

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://localhost:44374/api/userLogin/?username=test&password=test. (Reason: CORS request did not succeed)

这是我的appsetting：

  "Logging": {
      "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
      }
    },
  "AllowedHosts": "*",
  "ConnectionStrings": {
    "patientDB": "Data Source=DESKTOP-FE7Q19U\\SQLEXPRESS;Initial Catalog=MDSS;Integrated Security=True"
  }
}

这是我的launchsetting：

{
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:51911",
      "sslPort": 44374
    }
  },
  "profiles": {
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    },
    "ReactC_MDSS": {
      "commandName": "Project",
      "launchBrowser": true,
      "applicationUrl": "https://localhost:5001;http://localhost:5000",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    }
  }
}

这是我的startup：

public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {

            services.AddControllersWithViews();
            services.AddDbContext<patientDbContext>(o => o.UseSqlServer(Configuration.GetConnectionString("patientDB")));
           
            // In production, the React files will be served from this directory
            services.AddSpaStaticFiles(configuration =>
            {
                configuration.RootPath = "ClientApp/build";
            });


   

        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseSpaStaticFiles();

            

            app.UseRouting();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllerRoute(
                    name: "default",
                    pattern: "{controller}/{action=Index}/{id?}");
            });

            app.UseSpa(spa =>
            {
                spa.Options.SourcePath = "ClientApp";

                if (env.IsDevelopment())
                {
                    spa.UseReactDevelopmentServer(npmScript: "start");
                }
            });
        }
    }
}

我尝试添加 cors 但不知何故它不起作用。

Answer 1

IIS 上的 cors-error 与您开发时使用的端口相同 (https://localhost:44374)。你能在你的反应代码中显示 API 请求的代码吗？你真的指的是应用程序基地址（即'api/userLogin/?username=test&password=test'）还是硬编码的本地主机路径（'https://localhost:44374/api/userLogin/?username=test&password=test '）？由于 CORS 策略，后者将被浏览器阻止。但是可以在 Startup.cs 中添加异常